From 1015999867c780a891d95d9ef60937aa0d8f5afb Mon Sep 17 00:00:00 2001
From: J0WI <J0WI@users.noreply.github.com>
Date: Fri, 15 Apr 2022 18:32:38 +0200
Subject: [PATCH] main/asterisk: security upgrade to 18.11.2

---
 main/asterisk/APKBUILD             |  13 +--
 main/asterisk/CVE-2021-32558.patch | 126 -----------------------------
 2 files changed, 7 insertions(+), 132 deletions(-)
 delete mode 100644 main/asterisk/CVE-2021-32558.patch

diff --git a/main/asterisk/APKBUILD b/main/asterisk/APKBUILD
index 80dc4cecddc1..f19a684766bc 100644
--- a/main/asterisk/APKBUILD
+++ b/main/asterisk/APKBUILD
@@ -3,8 +3,8 @@
 # Contributor: Timo Teras <timo.teras@iki.fi>
 # Maintainer: Timo Teras <timo.teras@iki.fi>
 pkgname=asterisk
-pkgver=18.2.2
-pkgrel=5
+pkgver=18.11.2
+pkgrel=0
 pkgdesc="Modular Open Source PBX System"
 pkgusers="asterisk"
 pkggroups="asterisk"
@@ -69,13 +69,16 @@ source="$_download/asterisk-$pkgver.tar.gz
 	20-musl-astmm-fix.patch
 	30-asterisk-mariadb.patch
 	40-asterisk-cdefs.patch
-	CVE-2021-32558.patch
 	asterisk.initd
 	asterisk.confd
 	asterisk.logrotate
 	"
 
 # secfixes:
+#   18.11.2-r0:
+#     - CVE-2022-26498
+#     - CVE-2022-26499
+#     - CVE-2022-26651
 #   18.2.2-r2:
 #     - CVE-2021-32558
 #   18.2.1-r0:
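Review bot: Removing `CVE-2021-32558.patch` from `source` drops a carried security backport, and nothing in the commit records that the 18.11.2 tarball already contains that fix. The commit has no description body, so anyone auditing the secfixes history has to check the upstream source themselves. I would add a line to the commit message such as `Drop CVE-2021-32558.patch, fixed upstream in <UPSTREAM_VERSION>`, after confirming that the chan_iax2 checks for an unsupported media format are present in the new release. The `source` assignment begins above this hunk.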
@@ -162,7 +165,6 @@ build() {
 		--enable app_meetme \
 		--enable cdr_mysql \
 		--disable BUILD_NATIVE \
-		--enable IMAP_STORAGE \
 		--enable codec_opus_open_source \
 		menuselect.makeopts
 
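Review bot: The removal of `--enable IMAP_STORAGE` from the menuselect arguments is a feature change inside a commit titled as a security upgrade, and neither the message nor the file explains it. Installations that keep voicemail in IMAP would presumably lose that backend on upgrade. The patch does not show whether the reason is a build failure against the new release or a deliberate reduction of what is compiled in. I would put a comment above the menuselect invocation, e.g. `# IMAP_STORAGE no longer enabled as of 18.11.2-r0: <REASON>`, and mention the change in the commit message. build() starts and ends outside this hunk, so any IMAP client library still listed in makedepends is not visible here and may now be unused.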
@@ -238,14 +240,13 @@ sound_en() {
 }
 
 sha512sums="
-e15fe3c7f46d49991bcb6f6f565f15e4af0d658b4cd6b091079209dd95a8027858effdc2f2314d72ed46a73cdebc089d3c27d5cf8db50d2d21f3c317a8a4a546  asterisk-18.2.2.tar.gz
+6b33949edb26b8dec5c4c79fe07f4fe3c82a83014944b142ffe5cdf9e626a7240e65c31f9215136ab964b14e077829c4ae99e1b0c2067e8b8ac016f628281e06  asterisk-18.11.2.tar.gz
 aacef3f4796fb1abd33266998b53909cb4b36e7cc5ad2f7bac68bdc43e9a9072d9a4e2e7e681bddfa31f3d04575eb248afe6ea95da780c67e4829c1e22adfe1b  asterisk-addon-mp3-r201.patch.gz
 69d82b878728f99b7bf7e862025cbc01aa5b6b9332a5372059ea89a788c66fd351f1103989b3573a7a4ba9ff533f3ee2ff5d88de938440e05d6246e41a882306  asterisk-13.7-90e8780faccc79e68c07775c6ab2fe1ffaccfa08.tar.gz
 771237ba6d42ab62d914f2702234b23fd0bc8c22f2aa33b0e745c9170163c8046f6d48ecb299faab3d6fb397f1aa046421083c3cc88510c9779861c522f357dd  10-musl-mutex-init.patch
 0fae11b42894ab3d405bc50e9275b9084712b482fbf9b4259ea938667fc5cbe413655f3ff83da0f607151bb2b6e49c2f741b5ada6944dbb478f076ef8d86380a  20-musl-astmm-fix.patch
 616de74bdd3c4a6e899128c73e31f5ff219095d2afe321f85a51f518ec2e9dac9b63396eed8e2568c295f1beb90f9a506c72d28211a973b35185bfffd24af37e  30-asterisk-mariadb.patch
 ba33f11169284f190b7dabab1da7d2751cb65d7976408db635a892fa17d7552e1660350017e7aada3464ecc7d9d6e99d6ad76d66c0036de062a386cffbc948e6  40-asterisk-cdefs.patch
-87df7c97c0963f41a6d61ed80c7b9996d7f38fa39bbca50c3157f4bb68146e1c977459dfdff734395aca4fd9d801c15d6c996bfabdd81be16b96f3bbe92ff480  CVE-2021-32558.patch
 0044c5db468ec8f2385d18d476f89976f6d036448583a4ef8017ce7a6f8f72105337e6b20037ffe47f561d2877fc9c86720aef23ab037df89b36dc140a5924c4  asterisk.initd
 ab6b6f08ff43268cbb1abb7ed7d678949991ba495682a644bbaeb017d6adbff0a43297905fd73ae8db1786a28d5b5904f1bc253209a0e388c8a27f26c6ce14ed  asterisk.confd
 449b5808d90c813c23432274fba47e53227e3a924a55719d2f9e5a90fd2dfb33660a5c85c7e8f11fbb1cd93387e5c68329ed5583f7a64c2451fadad62a9f87dd  asterisk.logrotate
diff --git a/main/asterisk/CVE-2021-32558.patch b/main/asterisk/CVE-2021-32558.patch
deleted file mode 100644
index 522d8d6f4ff7..000000000000
--- a/main/asterisk/CVE-2021-32558.patch
+++ /dev/null
@@ -1,126 +0,0 @@
-From 852a8780cb45db0dca7c18b364cb0485a1e09840 Mon Sep 17 00:00:00 2001
-From: Kevin Harwell <kharwell@sangoma.com>
-Date: Mon, 10 May 2021 17:59:00 -0500
-Subject: [PATCH] AST-2021-008 - chan_iax2: remote crash on unsupported media format
-
-If chan_iax2 received a packet with an unsupported media format, for
-example vp9, then it would set the frame's format to NULL. This could
-then result in a crash later when an attempt was made to access the
-format.
-
-This patch makes it so chan_iax2 now ignores/drops frames received
-with unsupported media format types.
-
-ASTERISK-29392 #close
-
-Change-Id: Ifa869a90dafe33eed8fd9463574fe6f1c0ad3eb1
----
-
-diff --git a/channels/chan_iax2.c b/channels/chan_iax2.c
-index 4122c04..c57434b 100644
---- a/channels/chan_iax2.c
-+++ b/channels/chan_iax2.c
-@@ -4132,6 +4132,7 @@
- 	long ms;
- 	long next;
- 	struct timeval now = ast_tvnow();
-+	struct ast_format *voicefmt;
- 
- 	/* Make sure we have a valid private structure before going on */
- 	ast_mutex_lock(&iaxsl[callno]);
-@@ -4151,10 +4152,9 @@
- 
- 	ms = ast_tvdiff_ms(now, pvt->rxcore);
- 
--	if(ms >= (next = jb_next(pvt->jb))) {
--		struct ast_format *voicefmt;
--		voicefmt = ast_format_compatibility_bitfield2format(pvt->voiceformat);
--		ret = jb_get(pvt->jb, &frame, ms, voicefmt ? ast_format_get_default_ms(voicefmt) : 20);
-+	voicefmt = ast_format_compatibility_bitfield2format(pvt->voiceformat);
-+	if (voicefmt && ms >= (next = jb_next(pvt->jb))) {
-+		ret = jb_get(pvt->jb, &frame, ms, ast_format_get_default_ms(voicefmt));
- 		switch(ret) {
- 		case JB_OK:
- 			fr = frame.data;
-@@ -4182,7 +4182,7 @@
- 				pvt = iaxs[callno];
- 			}
- 		}
--			break;
-+		break;
- 		case JB_DROP:
- 			iax2_frame_free(frame.data);
- 			break;
-@@ -6451,8 +6451,14 @@
- 		f->frametype = fh->type;
- 		if (f->frametype == AST_FRAME_VIDEO) {
- 			f->subclass.format = ast_format_compatibility_bitfield2format(uncompress_subclass(fh->csub & ~0x40) | ((fh->csub >> 6) & 0x1));
-+			if (!f->subclass.format) {
-+				f->subclass.format = ast_format_none;
-+			}
- 		} else if (f->frametype == AST_FRAME_VOICE) {
- 			f->subclass.format = ast_format_compatibility_bitfield2format(uncompress_subclass(fh->csub));
-+			if (!f->subclass.format) {
-+				f->subclass.format = ast_format_none;
-+			}
- 		} else {
- 			f->subclass.integer = uncompress_subclass(fh->csub);
- 		}
-@@ -9929,8 +9935,8 @@
- 		} else if (iaxs[fr->callno]->voiceformat == 0) {
- 			ast_log(LOG_WARNING, "Received trunked frame before first full voice frame\n");
- 			iax2_vnak(fr->callno);
--		} else {
--			f.subclass.format = ast_format_compatibility_bitfield2format(iaxs[fr->callno]->voiceformat);
-+		} else if ((f.subclass.format = ast_format_compatibility_bitfield2format(
-+						iaxs[fr->callno]->voiceformat))) {
- 			f.datalen = len;
- 			if (f.datalen >= 0) {
- 				if (f.datalen)
-@@ -10173,11 +10179,17 @@
- 		f.frametype = fh->type;
- 		if (f.frametype == AST_FRAME_VIDEO) {
- 			f.subclass.format = ast_format_compatibility_bitfield2format(uncompress_subclass(fh->csub & ~0x40));
-+			if (!f.subclass.format) {
-+				return 1;
-+			}
- 			if ((fh->csub >> 6) & 0x1) {
- 				f.subclass.frame_ending = 1;
- 			}
- 		} else if (f.frametype == AST_FRAME_VOICE) {
- 			f.subclass.format = ast_format_compatibility_bitfield2format(uncompress_subclass(fh->csub));
-+			if (!f.subclass.format) {
-+				return 1;
-+			}
- 		} else {
- 			f.subclass.integer = uncompress_subclass(fh->csub);
- 		}
-@@ -11795,6 +11807,11 @@
- 				f.subclass.frame_ending = 1;
- 			}
- 			f.subclass.format = ast_format_compatibility_bitfield2format(iaxs[fr->callno]->videoformat);
-+			if (!f.subclass.format) {
-+				ast_variables_destroy(ies.vars);
-+				ast_mutex_unlock(&iaxsl[fr->callno]);
-+				return 1;
-+			}
- 		} else {
- 			ast_log(LOG_WARNING, "Received mini frame before first full video frame\n");
- 			iax2_vnak(fr->callno);
-@@ -11816,9 +11833,14 @@
- 	} else {
- 		/* A mini frame */
- 		f.frametype = AST_FRAME_VOICE;
--		if (iaxs[fr->callno]->voiceformat > 0)
-+		if (iaxs[fr->callno]->voiceformat > 0) {
- 			f.subclass.format = ast_format_compatibility_bitfield2format(iaxs[fr->callno]->voiceformat);
--		else {
-+			if (!f.subclass.format) {
-+				ast_variables_destroy(ies.vars);
-+				ast_mutex_unlock(&iaxsl[fr->callno]);
-+				return 1;
-+			}
-+		} else {
- 			ast_debug(1, "Received mini frame before first full voice frame\n");
- 			iax2_vnak(fr->callno);
- 			ast_variables_destroy(ies.vars);
-- 
GitLab